OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
ACFUG List: Alert: Allaire Forums GetFile bug
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ACFUG List: Alert: Allaire Forums GetFile bug


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: ACFUG List: Alert: Allaire Forums GetFile bug
  • From: Cameron Childress <cameroncMCRAE.COM>
  • Date: Thu, 11 Feb 1999 11:36:57 -0500
  • Approved-By: Russ.CooperRC.ON.CA
  • Importance: Normal
  • In-Reply-To: <61143C10CC8AD211A2F10000F878E683023876ns.rc.on.ca>
  • Reply-To: Cameron Childress <cameroncMCRAE.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

The problem outlined below seems to effect all Allaire Forums 2.0.x
versions.  Allaire has confirmed that the bug exists, and will be issuing a
security bulletin with details about it and a fix shortly.  Until then, use
the following information at your own risk.

Problem:

A file named GetFile.cfm is found in the root directory of Allaire Forums
2.0.x distributions.  This file will allow anyone to access any file on
servers running Forums.  For example, the following URL string format can be
used to call the server's boot.ini file:

GetFile.cfm?FT=Text&FST=Plain&FilePath=C:\boot.ini

The variables in the above string correspond to the tag in the file, which
is:

<CFCONTENT TYPE="#FT#/#FST#" FILE="#FilePath#">

Solution:

GetFile.cfm does not appear to be used anywhere in any of the Forums
templates.  Simply deleting the file or commenting out the code in the file
should protect your server from this exploit.

-Cameron

--------------------
Cameron Childress
McRae Communications
770.460.7277 x.232
770.460.0963 fax